Serverless Authentication not working - elastic: Error 401 (Unauthorized)

[vishnurpiper]

We’re using Amazon OpenSearch Serverless on AWS and provisioning the necessary infrastructure resources through Terraform. Our indexes are also managed in IaC, using the opensearch-project/opensearch Terraform provider.

resource "opensearch_index" "index" {
  name                           = "blah"
  number_of_shards               = "2"
  number_of_replicas             = "0"
  index_knn                      = true
  index_knn_algo_param_ef_search = "512"

  mappings      = <<-EOF
  EOF

provider "opensearch" {
  url         = <collection endpoint>
  healthcheck = false
  aws_assume_role_arn = <assume role arn>
  aws_assume_role_external_id = "Terraform"
  # sign_aws_requests = true
  version_ping_timeout = "10"
}

We are unable to refresh the opensearch_index, when we run our IaC we get an error - elastic: Error 401 (Unauthorized).
Our open search serverless collection is in a private VPC.
We are using v2.2.0 of the open search provider, I've tried upgrading to v2.3.0 without much success.
I've tried the different basic auth setups (profile, assume role, access/secret) without much success.
What am I missing? Any guidance would be appreciated.

[gaiksaya]

Hi @vishnurpiper
Can you take a look at https://github.com/rblcoder/terraform-opensearch-samples/tree/main/aws_opensearch_assume_role which gives an example on how to connect using IAM roles.
Thanks!
cc: @prudhvigodithi @rblcoder

[kaisensan]

@vishnurpiper I was getting the same error and the "issue" was that my AOSS network was set to private. Once I recreated it with public network access, the module worked as expected.